Remind them it's their job to keep the network secure. Authenticated scanning helps them do that, because without it they will completely miss serious vulnerabilities that need fixing. Unless they want to set up a secondary manual process just for those vulns,

Maybe you can offer to roll it out to one or two devices first, just so they can feel more relaxed about it. Network guys will probably want to science the shit out of the scanning traffic profiles, so let them do that. You can tune the scan option profile until they either are happy or lose interest, then plan a progressive rollout for the rest of the fleet.

Offer them an account on the Qualys service so they can look at some of their reports. Maybe.

An authenticated scan will allow the Qualys service to dig deeper into the system config with the access to critical config settings and even the entire config file. We can look not just for missing patches or but also for mis-configurations. Browse the qualys knowledge-base and run a search against the network device OS and see the list of things that you can do with authentication.